Some topics are currently still easy to ignore, even though they are beyond dominant and critical to our daily lives: besides climate change, this also includes everything that revolves around data. It is still perceived as something too abstract, that does not affect us in a tangible manner in our daily lives. However, there is a reason why data is also described as the "new gold": once discovered, there is a rush – to collect and use it, for marketing, trade, national security and defense, surveillance, and other manifold reasons, by both the public and private sector. While being useful, processes of data collection, processing and storing also pose a serious threat to basic human rights and freedoms. Data subjects are under an ever-growing risk of having their data misused, accounts hacked, and personal information unwillingly being turned against themselves.
We should all know how our personal data can and is being used – and how we can and should protect it. In the legal field this of course means: what should our laws and regulations look like?
As the Konrad-Adenauer-Stiftung (KAS) Rule of Law Programme Middle East & North Africa, we presented the study written by Prof. Moritz Hennemann and Dr. Patricia Boshe, comparing the data protection laws in Northern Africa. In cooperation with Prof. Hajer Gueldich and her team from the Laboratory of Research on International Law at the University of Carthage we organized a presentation and panel discussion with interested scholars and students in Tunis.
Four experts provided their insights and contributions. It was a particular honor to have Axel Voss, MdEP and shadow rapporteur of the EU General Data Protection Regulation (GDPR) for the EPP, as well as Chawki Gaddes, Professor and President of the Tunisian Data Protection Authority INPDP, as well as Judge Lamia Zargouni from the Tunisian Court of Cassation with us.
Three take-aways from the event are the following:
- All five comprehensive northern African regulations have big similarities, also with the GDPR, though no EU adequacy decisions have been granted; yet there are also differences, e.g. regarding the question of the possibility to inherit “data protection rights”,
- While it may be advantageous for other countries to take the GDPR as a starting point or inspiration, it is important to always consider the national individualities as well as evaluate how well Europe has fared with the GDPR, especially in terms of international competition,
- As data protection regulations continue to grow in number worldwide, the next years will show which approach will be considered most effective: one size fits all, individual national regulations, regional or international frameworks, certain shared guiding principles plus national provisional exceptions?